Ethereal-dev: Re: [Ethereal-dev] Problems with "follow TCP stream" function in "ISO7073 on top

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Olivier Biot" <ethereal@xxxxxxxxxx>
Date: Wed, 28 Jan 2004 21:31:20 +0100
You should try to distinguish between ISO8073 over Ethernet and the
other cases. The simplest way to achieve this is to register the
ISO8073 dissector twice, as is done in the WSP dissector, for which I
paste the relevant code snippets below:

proto_wsp = proto_register_protocol(
  "Wireless Session Protocol",    /* protocol name for use by ethereal
*/
  "WSP",                          /* short version of name */
  "wsp"                        /* Abbreviated protocol name,
             should Match IANA:
     < URL:http://www.isi.edu/in-notes/iana/assignments/port-numbers/
>
          */
);
register_dissector("wsp-co", dissect_wsp_fromwap_co, proto_wsp);
register_dissector("wsp-cl", dissect_wsp_fromwap_cl, proto_wsp);

Regards,

Olivier
----- Original Message ----- 
From: "Ulf Lamping"

| Hi List!
|
| A colleque of mine told me of a bug in Ethereal he had discovered,
when
| using the "follow TCP stream" function in combination with some
special
| ISO8073 packets.
|
| The packets will look like this in the "Packet Details" window:
|
| -Frame
| -Ethernet II
| -Internet Protocol
| -Transmission Control Protocol
| -TPKT
| -ISO8073
|
| When using the "follow TCP stream" function on this kind of packets,
| this results just in an empty TCP stream.
| The problem is, that the generated filter string will have both
source
| and destination ports set to zero, which will obviously show no
packets
| at all.
|
|
| Info: The usual protocol stack of an ISO8073 packet will look like
this:
|
| -Frame
| -Ethernet II
| -ISO8073
|
| So it's obviously no TCP ports involved in the normal ISO8073
| communication at all.
|
|
| Just debugged a bit, points me to the following problem:
| ISO8073 packets are "usually" used on top of Ethernet II, not on top
of
| TCP as in this special case. As this is true, the packet_info
srcport
| and destport fields are used
| to carry the somewhat equally src_ref and dest_ref info from the ISO
| packets. This is ok when used with ISO8073 only (see packet_clnp.c
line
| 872 for details).
|
| As the packets "making problems" are using TCP *and* ISO8073, we get
a
| conflict here, as both protocols tries to use this port fields to
store
| their info in.
|
| I'm not sure, what the storing of the src_ref / dest_ref fields is
good
| for. This might be helpful for the conversation stuff, but I don't
have
| much knowledge of this things.
|
| As there's a conflict in the protocols here, I need some advice to
solve
| this, as this bug can be annoying in everydays work...
|
| Regards, ULFL
|
| P.S: I can send an example capture file for this!
|
| _______________________________________________
| Ethereal-dev mailing list
| Ethereal-dev@xxxxxxxxxxxx
| http://www.ethereal.com/mailman/listinfo/ethereal-dev
|